On 01/06/2014 05:06 PM, Eric Rescorla wrote:
> http://dev.w3.org/2011/webrtc/editor/webrtc.html#dictionary-rtcconfiguration-members
> has:
>
> dictionary RTCIceServer {
> (DOMString or sequence<DOMString>) urls;
> DOMString? username = null;
> DOMString? credential;
> };
>
> AFAICT, username isn't really optional for TURN servers (RFC 5766 says):
>
> [RFC5389] specifies an authentication mechanism called the long-term
> credential mechanism. TURN servers and clients MUST implement this
> mechanism. The server MUST demand that all requests from the client
> be authenticated using this mechanism, or that a equally strong or
> stronger mechanism for client authentication is used.
>
> (and username and credential should have the same status in any case).
>
> I suspect we either need two classes (one for TURN and one for STUN)
> or explanatory text saying that you need to provide this for TURN.
Explanatory text seems like the right path to me. Since it contains
URLs, the syntax doesn't constrain it to be TURN or STUN, and the quoted
text does seem to make it possible that there will be other ways to do
this authentication.